aacf3cf83e56d81e9fd0f610b038525e01577f11854478a281289dde4c46d9a3

Sharing

Copy URL

Twitter E-mail

General

Target

aacf3cf83e56d81e9fd0f610b038525e01577f11854478a281289dde4c46d9a3
Size

4.4MB
MD5

ee120ffd8d4eaba697006ea1bd39b47b
SHA1

5787d33ca6610d828bbb1adf32660978692c1468
SHA256

aacf3cf83e56d81e9fd0f610b038525e01577f11854478a281289dde4c46d9a3
SHA512

aa3f38d1905790e38e85dc9873fc8aac20028c79de614c5ab2f0c44514d25ffdcd7138d674cf0dfdf09edd063443caa49317c7ed904c824d34d7a1ee68c74fe3
SSDEEP

98304:vSawJQJawIgn1bwz9thuceFfn8D527BWG:qawWJaw9nFwz9tk8VQBWG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
aacf3cf83e56d81e9fd0f610b038525e01577f11854478a281289dde4c46d9a3

Files

aacf3cf83e56d81e9fd0f610b038525e01577f11854478a281289dde4c46d9a3
.exe windows:6 windows x64 arch:x64

6918e5ffa4c9c857dfbbc85fd98e682d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

rpcrt4

UuidToStringW
UuidCreate
NdrServerCallAll
RpcServerUseProtseqEpW
RpcStringFreeW
NdrClientCall3
RpcBindingVectorFree
RpcServerInqCallAttributesW
RpcServerInqBindings
RpcEpUnregister
RpcEpRegisterW
NdrServerCall2
RpcServerUnregisterIf
RpcServerRegisterIf3
RpcServerListen

kernel32

CreateDirectoryW
GetExitCodeProcess
FindFirstFileW
FindNextFileW
CopyFileW
CloseThreadpoolTimer
DeleteFileW
GetCurrentThreadId
GetSystemTimeAsFileTime
CreateThreadpoolWork
SubmitThreadpoolWork
WideCharToMultiByte
CreateProcessW
InitializeSListHead
GetFileAttributesW
OpenProcess
FormatMessageA
GetStringTypeW
QueryPerformanceFrequency
GetSystemTimePreciseAsFileTime
GetCPInfo
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
IsDebuggerPresent
Sleep
K32GetModuleFileNameExW
GetStdHandle
FindClose
MoveFileW
GetLocaleInfoW
GetUserGeoID
GetUserDefaultUILanguage
GetUserDefaultLCID
RtlLookupFunctionEntry
RtlCaptureContext
GetPackagesByPackageFamily
CompareStringEx
GetLocaleInfoEx
LCMapStringEx
EncodePointer
WaitForSingleObjectEx
RtlUnwindEx
InterlockedPushEntrySList
InterlockedFlushSList
FlsAlloc
FlsGetValue
RtlCaptureStackBackTrace
FlsSetValue
FlsFree
WTSGetActiveConsoleSessionId
CreateFileW
GetDiskFreeSpaceExW
GetLogicalDriveStringsW
GetVolumeInformationW
DeviceIoControl
GlobalMemoryStatusEx
OutputDebugStringA
OutputDebugStringW
lstrlenW
K32GetModuleBaseNameW
FormatMessageW
LocalFree
LocalSize
LocalAlloc
GetModuleFileNameW
ExitProcess
GetFileAttributesA
GetCurrentProcess
CreatePipe
SetHandleInformation
CloseHandle
ReadFile
GetCurrentProcessId
K32EnumProcessModules
GetStartupInfoW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
FlushFileBuffers
SetEndOfFile
SetFilePointer
WriteFile
SetLastError
GetModuleHandleW
GetModuleHandleExW
CloseThreadpoolWork
FreeLibraryWhenCallbackReturns
InitOnceComplete
InitOnceBeginInitialize
SleepConditionVariableCS
WakeConditionVariable
InitializeConditionVariable
TryEnterCriticalSection
TryAcquireSRWLockExclusive
InitializeSRWLock
RaiseException
DeleteVolumeMountPointW
FindFirstVolumeW
FindNextVolumeW
FindVolumeClose
GetFileSize
GetFileTime
GetLogicalDrives
QueryDosDeviceW
RemoveDirectoryW
GetVolumeNameForVolumeMountPointW
SetVolumeMountPointW
GetUserDefaultLangID
RtlPcToFileHeader
GetNativeSystemInfo
GetExitCodeThread
ReleaseMutex
CreateMutexW
K32EnumProcesses
HeapAlloc
QueryPerformanceCounter
CreateEventW
HeapFree
SwitchToThread
SystemTimeToFileTime
MultiByteToWideChar
SystemTimeToTzSpecificLocalTime
SetThreadpoolTimer
CreateThreadpoolTimer
GetSystemTime
DecodePointer
HeapDestroy
HeapReAlloc
HeapSize
InitializeCriticalSectionEx
TerminateProcess
GetProcessId
GetSystemDirectoryW
FindResourceExW
LoadResource
LockResource
SizeofResource
FindResourceW
CreateThread
WaitForSingleObject
GetLastError
__C_specific_handler
LoadLibraryW
GetProcAddress
FreeLibrary
GetPrivateProfileStringA
GetPrivateProfileStringW
GetProcessHeap
FileTimeToSystemTime

advapi32

EventWriteTransfer
SetNamedSecurityInfoW
GetNamedSecurityInfoW
StartServiceW
QueryServiceConfigW
LookupAccountSidW
IsValidSid
InitializeAcl
GetLengthSid
CryptAcquireContextW
CryptReleaseContext
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
GetAclInformation
GetAce
CopySid
AddAce
RegGetValueW
RegSetKeyValueW
RegDeleteKeyValueW
RegSetValueExW
RegQueryInfoKeyW
RegNotifyChangeKeyValue
RegEnumValueW
RegDeleteKeyW
RegEnumKeyExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
ReportEventW
RegisterEventSourceW
DeregisterEventSource
CryptDecrypt
CreateProcessAsUserW
OpenProcessToken
CryptEncrypt
AdjustTokenPrivileges
DuplicateTokenEx
SetTokenInformation
CryptImportKey
CryptSetKeyParam
CryptDestroyKey
CryptAcquireContextA
EventSetInformation
LookupPrivilegeValueW
DeleteService
CreateServiceW
ControlService
EventWriteString
EventUnregister
EventRegister
StartServiceCtrlDispatcherW
SetServiceStatus
RegisterServiceCtrlHandlerExW
CloseServiceHandle
ChangeServiceConfig2W
SetEntriesInAclW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
FreeSid
AllocateAndInitializeSid
QueryServiceStatus
OpenServiceW
OpenSCManagerW

ole32

CoInitializeEx
CoCreateInstance
CoInitialize
StringFromCLSID
CoCreateGuid
CoTaskMemFree
CoUninitialize
CoSetProxyBlanket

oleaut32

SafeArrayGetLBound
CreateErrorInfo
SysStringLen
GetErrorInfo
VariantInit
SafeArrayGetUBound
SysFreeString
SysAllocString
VariantClear
SetErrorInfo
VariantChangeType
SafeArrayGetElement

iphlpapi

GetAdaptersAddresses

user32

RegisterDeviceNotificationW
UnregisterDeviceNotification
RegisterPowerSettingNotification
GetWindowThreadProcessId
UnregisterPowerSettingNotification
MessageBoxW
wsprintfW

wtsapi32

WTSFreeMemory
WTSQueryUserToken
WTSQuerySessionInformationW

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

setupapi

SetupDiGetDeviceRegistryPropertyW
SetupDiGetClassDevsW
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList

api-ms-win-security-base-l1-2-2

DeriveCapabilitySidsFromName

api-ms-win-power-base-l1-1-0

GetPwrCapabilities

winhttp

WinHttpQueryDataAvailable
WinHttpOpenRequest
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpSetOption
WinHttpSetTimeouts
WinHttpQueryHeaders
WinHttpCrackUrl
WinHttpOpen
WinHttpCloseHandle
WinHttpConnect
WinHttpReadData

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

shell32

ShellExecuteExW
SHGetKnownFolderPath

bcrypt

BCryptCreateHash
BCryptHashData
BCryptFinishHash
BCryptDestroyHash
BCryptCloseAlgorithmProvider
BCryptOpenAlgorithmProvider
BCryptGetProperty

shlwapi

PathFileExistsW

api-ms-win-crt-runtime-l1-1-0

_initterm
_wassert
abort
_set_app_type
_seh_filter_exe
_cexit
_crt_at_quick_exit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_endthreadex
_initialize_narrow_environment
_configure_narrow_argv
_invalid_parameter_noinfo
_seh_filter_dll
_initialize_wide_environment
_get_initial_wide_environment
_configure_wide_argv
_initterm_e
_exit
__p___argc
__p___wargv
_c_exit
_register_thread_local_exe_atexit_callback
_errno
_invalid_parameter_noinfo_noreturn
exit
terminate
_beginthreadex

api-ms-win-crt-string-l1-1-0

_wcsicmp
__strncnt
strcspn
wcstok_s
_wcsupr_s
isspace
strcmp
toupper
strncmp
strtok_s
strcpy_s
wcscpy_s
memset
isupper
iswalpha
iswupper
islower
towlower
wcsnlen
strcat_s
wcscat_s
strncpy_s
tolower
isdigit
wcsncpy_s
_wcsdup

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vswprintf_s
_fsopen
__stdio_common_vsprintf_s
__stdio_common_vsprintf
_wfsopen
__stdio_common_vsscanf
__stdio_common_vfprintf
fseek
ftell
__stdio_common_vswprintf
_set_fmode
__p__commode
__acrt_iob_func
__stdio_common_vfwprintf
putc
getc
fopen_s
_get_stream_buffer_pointers
fputs
fclose
fflush
ungetc
setvbuf
fwrite
_fseeki64
fsetpos
fread
fputc
fgetpos
fgetc

api-ms-win-crt-convert-l1-1-0

atof
strtol
strtod
wcstol
strtoll
mbsrtowcs_s
atoi
strtoull
_wtoi
wcstoul
mbstowcs_s
wcstoll
strtof
atol

api-ms-win-crt-math-l1-1-0

pow
powf
ldexp
frexp
_dclass
__setusermatherr
_dsign

api-ms-win-crt-heap-l1-1-0

free
calloc
realloc
_set_new_mode
_callnewh
_recalloc
malloc

api-ms-win-crt-time-l1-1-0

_difftime64
_localtime64_s
strftime
_Strftime
_Gettnames
_Wcsftime
_W_Gettnames
_W_Getmonths
_W_Getdays
_gmtime64_s
_Getmonths
_Getdays
_mktime64
_time64

api-ms-win-crt-locale-l1-1-0

_configthreadlocale
___lc_codepage_func
___mb_cur_max_func
localeconv
__pctype_func
___lc_collate_cp_func
setlocale
_unlock_locales
___lc_locale_name_func
_lock_locales

api-ms-win-crt-filesystem-l1-1-0

rename
_rmdir
_findclose
_mkdir
_stat64i32
remove
_unlock_file
_lock_file
_findnext64i32
_findfirst64i32

api-ms-win-crt-utility-l1-1-0

srand
rand
rand_s

winsqlite3

sqlite3_errmsg
sqlite3_exec
sqlite3_free
sqlite3_close
sqlite3_finalize
sqlite3_step
sqlite3_bind_text
sqlite3_bind_null
sqlite3_bind_int
sqlite3_open
sqlite3_prepare_v2
sqlite3_bind_double

wininet

InternetGetConnectedState

Sections

.text
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 497KB - Virtual size: 497KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 631KB - Virtual size: 639KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 572KB - Virtual size: 576KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6918e5ffa4c9c857dfbbc85fd98e682d

Headers

DLL Characteristics

File Characteristics

Imports

rpcrt4

kernel32

advapi32

ole32

oleaut32

iphlpapi

user32

wtsapi32

userenv

setupapi

api-ms-win-security-base-l1-2-2

api-ms-win-power-base-l1-1-0

winhttp

version

shell32

bcrypt

shlwapi

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-utility-l1-1-0

winsqlite3

wininet

Sections

.text Size: 2.7MB - Virtual size: 2.7MB

.rdata Size: 497KB - Virtual size: 497KB

.data Size: 631KB - Virtual size: 639KB

.pdata Size: 49KB - Virtual size: 49KB

_RDATA Size: 512B - Virtual size: 256B

.rsrc Size: 8KB - Virtual size: 7KB

.reloc Size: 572KB - Virtual size: 576KB

.text
Size: 2.7MB - Virtual size: 2.7MB

.rdata
Size: 497KB - Virtual size: 497KB

.data
Size: 631KB - Virtual size: 639KB

.pdata
Size: 49KB - Virtual size: 49KB

_RDATA
Size: 512B - Virtual size: 256B

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 572KB - Virtual size: 576KB